[Request] [+ ] D11259: subrepo: compare normalised vfs path

marmoute (Pierre-Yves David) phabricator at mercurial-scm.org
Thu Aug 5 16:58:34 UTC 2021


marmoute created this revision.
Herald added a reviewer: hg-reviewers.
Herald added a subscriber: mercurial-patches.

REVISION SUMMARY
  Otherwise the realpath call can turn `/` into `\` on windows confusing the
  check.
  
  (We probably needs this in more location)

REPOSITORY
  rHG Mercurial

BRANCH
  stable

REVISION DETAIL
  https://phab.mercurial-scm.org/D11259

AFFECTED FILES
  mercurial/subrepo.py

CHANGE DETAILS

diff --git a/mercurial/subrepo.py b/mercurial/subrepo.py
--- a/mercurial/subrepo.py
+++ b/mercurial/subrepo.py
@@ -458,12 +458,14 @@
         create = allowcreate and not r.wvfs.exists(b'%s/.hg' % path)
         # repository constructor does expand variables in path, which is
         # unsafe since subrepo path might come from untrusted source.
-        if os.path.realpath(util.expandpath(root)) != root:
+        norm_root = os.path.normcase(root)
+        real_root = os.path.normcase(os.path.realpath(util.expandpath(root)))
+        if real_root != norm_root:
             raise error.Abort(
                 _(b'subrepo path contains illegal component: %s') % path
             )
         self._repo = hg.repository(r.baseui, root, create=create)
-        if self._repo.root != root:
+        if os.path.normcase(self._repo.root) != os.path.normcase(root):
             raise error.ProgrammingError(
                 b'failed to reject unsafe subrepo '
                 b'path: %s (expanded to %s)' % (root, self._repo.root)



To: marmoute, #hg-reviewers
Cc: mercurial-patches, mercurial-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mercurial-scm.org/pipermail/mercurial-patches/attachments/20210805/20903245/attachment-0001.html>


More information about the Mercurial-patches mailing list